uapi/linux/capability.h

1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
11  * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
19 /* User-level do most of the mapping between kernel and user
33 #define _LINUX_CAPABILITY_VERSION_2  0x20071026  /* deprecated - use v3 */
96  * Backwardly compatible definition for source code - trapped in a
97  * 32-bit world. If you find you need this, please consider using
107  ** POSIX-draft defined capabilities.
122 /* Overrides all DAC restrictions regarding read and search on files
128 /* Overrides all restrictions about allowed operations on files, where
162  ** Linux-specific capabilities
201 /* Allow read/write of device-specific registers */
222 /* Insert and remove kernel modules - modify kernel without limit */
269 /* Allow reading non-standardized portions of pci configuration space */
272 /* Allow sending raw qic-117 commands */
287 /* Allow use of FIFO and round-robin (realtime) scheduling on own
296 /* Override resource limits. Set resource limits. */
301 /* NOTE: ext2 honors fsuid when checking for resource overrides, so
304 /* Allow more than 64hz interrupts from the real-time clock */
313 /* Allow setting the real-time clock */
326 /* Allow taking of leases on files */
338 /* Set or remove capabilities on files.
385  * - Creating all types of BPF maps
386  * - Advanced verifier features
387  *   - Indirect variable access
388  *   - Bounded loops
389  *   - BPF to BPF function calls
390  *   - Scalar precision tracking
391  *   - Larger complexity limits
392  *   - Dead code elimination
393  *   - And potentially other features
394  * - Loading BPF Type Format (BTF) data
395  * - Retrieve xlated and JITed code of BPF programs
396  * - Use bpf_spin_lock() helper
399  * - BPF progs can use of pointer-to-integer conversions
400  * - speculation attack hardening measures are bypassed
401  * - bpf_probe_read to read arbitrary kernel memory is allowed
402  * - bpf_trace_printk to print kernel memory is allowed
426  * Bit location of each capability (used by user-space library and kernel)